1. Field of the Invention
This invention relates to a computer-readable recording medium storing an access rights management program, an access rights management apparatus, and an access rights management method, and more particularly to a computer-readable recording medium storing an access rights management program for controlling access rights to an electronic document, an access rights management apparatus, and an access rights management method.
2. Description of the Related Art
In the case where a document author (hereinafter simply referred to as “the author”) creates an electronic document using a computer and allows other users to read the electronic document, the electronic document is stored e.g. in a file server for shared access of the users to the electronic document to thereby easily allow the users to read the document.
To prevent leakage of such an electronic document to a third party, there have been proposed various methods of managing electronic documents (see e.g. Japanese Laid-Open Patent Publication Nos. 2001-167016 and 2002-244927). For example, as a basic method of managing electronic documents, a user-based (identity-based) management method is known in which policies as information indicative of conditions for access to electronic documents are controlled on a user-by-user basis. This method allows an author who intends to distribute an electronic document to set access conditions on a distributee-by-distributee basis, and is effective in managing use of electronic documents when applied to a relatively small-sized organization. When an organization is large in size or has a complicated hierarchical structure, however, the author has to carry out a complicated and troublesome operation.
Another known method is a role-based management method in which policies are managed according to roles or attributes of users. With this method, it is possible to set access conditions on a role-by-role basis or on an attribute-by-attribute basis, and policy management becomes possible for up to medium-sized organizations.
However, even when the role-based management method is employed, if an organization is large-sized or has a complicated hierarchical structure, the number of roles and attributes in policy management becomes enormous, which sometimes makes it impossible for an author to determine which policy to be used and makes his operation therefor very troublesome, resulting in the incapability of use and management of policies.
As described above, it is not easy for an author to finely specify distributees as intended within his authority for safe management of use of electronic documents.
On the other hand, in the case where electronic documents which are not policy-managed are distributed in an organization having a large size or a complicated hierarchical structure, an author of an electronic document trusts and permits a primary distributee (i.e. a person who receives the electronic document directly from the author) to perform secondary and tertiary distributions of the electronic document. This distribution method is noticeably used particularly in the distribution of electronic documents from a higher-ranked distributor to lower-ranked distributors.
However, when the distribution is repeatedly carried out in secondary and tertiary distributions or in even lower-order distributions, policies generated by the author or the primary distributee sometimes fail to be transferred to lower-ranked distributees. In such cases, policy management is loosened, and hence there is a fear that electronic documents might be leaked from lower-ranked or end distributees.